groups:
  - name: 2FAuth Configuration
    description: Configure 2FAuth
  - name: Network Configuration
    description: Configure Network for 2FAuth
  - name: Storage Configuration
    description: Configure Storage for 2FAuth
  - name: Resources Configuration
    description: Configure Resources for 2FAuth

portals:
  web_portal:
    protocols:
      - "$kubernetes-resource_configmap_portal_protocol"
    host:
      - "$kubernetes-resource_configmap_portal_host"
    ports:
      - "$kubernetes-resource_configmap_portal_port"
    path: "$kubernetes-resource_configmap_portal_path"

questions:
  - variable: twofauthConfig
    label: ""
    group: 2FAuth Configuration
    schema:
      type: dict
      attrs:
        - variable: appName
          label: App Name
          description: The name of the 2FAuth.
          schema:
            type: string
            default: "2FAuth"
            required: true
        - variable: appUrl
          label: App URL
          description: |
            The URL that 2FAuth will be accessible from.
            Example:
            http://server.ip:30081
            https://2fauth.example.com
          schema:
            type: uri
            default: ""
            required: true
        - variable: siteOwnerEmail
          label: Site Owner Email
          description: The email address of the site owner.
          schema:
            type: string
            default: ""
            required: true
        - variable: authenticationGuard
          label: Authentication Guard
          description: |
            When using 'reverse-proxy-guard', 2FAuth only looks for the dedicated headers
            and skips all other built-in authentication checks.
            That means your proxy is fully responsible for the authentication process;
            2FAuth will trust it as long as the headers are present.
          schema:
            type: string
            default: "web-guard"
            required: true
            enum:
              - value: "web-guard"
                description: Web Guard
              - value: "reverse-proxy-guard"
                description: Reverse Proxy Guard
        - variable: authProxyHeaderUser
          label: Authentication Proxy Header User
          description: |
            Name of the HTTP header sent by the reverse proxy that identifies
            the authenticated user at proxy level.
            Check your proxy documentation to find out how these headers are named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        - variable: authProxyHeaderEmail
          label: Authentication Proxy Header Email
          description: |
            Name of the HTTP header sent by the reverse proxy that identifies
            the authenticated user at proxy level.
            Check your proxy documentation to find out how these headers are named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        - variable: webauthnUserVerification
          label: WebAuthn User Verification
          description: |
            Most authenticators and smartphones will ask the user to actively verify themselves for log in.
            For example, through a touch plus pin code, password entry,
            or biometric recognition (e.g., presenting a fingerprint).
            The intent is to distinguish one user from any other.
          schema:
            type: string
            default: "preferred"
            required: true
            enum:
              - value: "preferred"
                description: Preferred
              - value: "required"
                description: Required
              - value: "discouraged"
                description: Discouraged
        - variable: trustedProxies
          label: Trusted Proxies
          description: The list of proxy IPs to trust
          schema:
            type: list
            default: []
            items:
              - variable: trustedProxy
                label: Trusted Proxy
                schema:
                  type: string
                  required: true
        - variable: additionalEnvs
          label: Additional Environment Variables
          description: Configure additional environment variables for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: env
                label: Environment Variable
                schema:
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      schema:
                        type: string
                        required: true
                    - variable: value
                      label: Value
                      schema:
                        type: string
                        required: true

  - variable: twofauthNetwork
    label: ""
    group: Network Configuration
    schema:
      type: dict
      attrs:
        - variable: webPort
          label: Web Port
          description: The port for the 2FAuth Web UI.
          schema:
            type: int
            default: 30081
            min: 9000
            max: 65535
            required: true
        - variable: hostNetwork
          label: Host Network
          description: |
            Bind to the host network. It's recommended to keep this disabled.
          schema:
            type: boolean
            default: false

  - variable: twofauthStorage
    label: ""
    group: Storage Configuration
    schema:
      type: dict
      attrs:
        - variable: config
          label: 2FAuth Config Storage
          description: The path to store 2FAuth Configuration.
          schema:
            type: dict
            attrs:
              - variable: type
                label: Type
                description: |
                  ixVolume: Is a dataset created automatically by the system.
                  Host Path: Is a path that already exists on the system.
                schema:
                  type: string
                  required: true
                  default: "ixVolume"
                  enum:
                    - value: "hostPath"
                      description: Host Path (Path that already exists on the system)
                    - value: "ixVolume"
                      description: ixVolume (Dataset created automatically by the system)
              - variable: datasetName
                label: Dataset Name
                schema:
                  type: string
                  show_if: [["type", "=", "ixVolume"]]
                  required: true
                  hidden: true
                  immutable: true
                  default: "config"
                  $ref:
                    - "normalize/ixVolume"
              - variable: hostPath
                label: Host Path
                schema:
                  type: hostpath
                  show_if: [["type", "=", "hostPath"]]
                  immutable: true
                  required: true
        - variable: additionalStorages
          label: Additional Storage
          description: Additional storage for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: storageEntry
                label: Storage Entry
                schema:
                  type: dict
                  attrs:
                    - variable: type
                      label: Type
                      description: |
                        ixVolume: Is a dataset created automatically by the system.
                        Host Path: Is a path that already exists on the system.
                      schema:
                        type: string
                        required: true
                        default: "ixVolume"
                        enum:
                          - value: "hostPath"
                            description: Host Path (Path that already exists on the system)
                          - value: "ixVolume"
                            description: ixVolume (Dataset created automatically by the system)
                    - variable: mountPath
                      label: Mount Path
                      description: The path inside the container to mount the storage.
                      schema:
                        type: path
                        required: true
                    - variable: hostPath
                      label: Host Path
                      description: The host path to use for storage.
                      schema:
                        type: hostpath
                        show_if: [["type", "=", "hostPath"]]
                        required: true
                    - variable: datasetName
                      label: Dataset Name
                      description: The name of the dataset to use for storage.
                      schema:
                        type: string
                        show_if: [["type", "=", "ixVolume"]]
                        required: true
                        immutable: true
                        default: "storage_entry"
                        $ref:
                          - "normalize/ixVolume"

  - variable: resources
    group: Resources Configuration
    label: ""
    schema:
      type: dict
      attrs:
        - variable: limits
          label: Limits
          schema:
            type: dict
            attrs:
              - variable: cpu
                label: CPU
                description: CPU limit for 2FAuth.
                schema:
                  type: string
                  max_length: 6
                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
                  valid_chars_error: |
                    Valid CPU limit formats are
                    - Plain Integer - eg. 1
                    - Float - eg. 0.5
                    - Millicpu - eg. 500m
                  default: "4000m"
                  required: true
              - variable: memory
                label: Memory
                description: Memory limit for 2FAuth.
                schema:
                  type: string
                  max_length: 12
                  valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
                  valid_chars_error: |
                    Valid Memory limit formats are
                    - Suffixed with E/P/T/G/M/K - eg. 1G
                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
                    - Plain Integer in bytes - eg. 1024
                    - Exponent - eg. 134e6
                  default: "8Gi"
                  required: true